13 matches found
CVE-2026-2633
The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the processimagedataajaxcallback function which handles the kadenceimportprocessimagedata AJAX action. T...
CVE-2023-31541
A unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server...
Cross-site Scripting (XSS)
Overview TinyMCE is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper user-input sanitization in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occu...
GHSA-GG8R-XJWQ-4W92 Cross-site scripting vulnerability in TinyMCE alerts
Impact A cross-site scripting XSS vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the image plugin, which presents these dialogs when certain...
CVE-2022-23494 Cross-site scripting vulnerability in TinyMCE alerts
tinymce is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the image plugin, which...
CVE-2022-23494 Cross-site scripting vulnerability in TinyMCE alerts
tinymce is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the image plugin, which...
Fedora 30 : glpi (2019-e50f92e4c1)
Version 9.4.1.1 Non exhaustive list of changes : - security Bad chevrons rendering on dropdowns 5468 - security Iframe and forms are rendered in rich text contents 5519 - security Type juggling authentication bypass 5520 - security Malicious images upload 5580 - security Password token date was n...
Fedora 29 : glpi (2019-a66789a334)
Add security fix backported from 9.4 : - security Bad chevrons rendering on dropdowns 5468 - security Iframe and forms are rendered in rich text contents 5519 - security Type juggling authentication bypass 5520 - security Malicious images upload 5580 - security Password token date was not reset...
CVE-2017-1002000
Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easytouch v3.0, The code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check that the user is allowed to upload content...
FineCMS Cross-Site Scripting Vulnerability (CNVD-2017-15547)
FineCMS is a content management system CMS developed using MVC architecture and PDO database interface. A cross-site scripting vulnerability exists in the application/core/controller/images.php file in FineCMS 2017-07-12 and earlier versions. A remote attacker can exploit this vulnerability to...
Design/Logic Flaw
epesi framework before 0.8.6 does not properly verify file extensions, which allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving the gallery images upload feature. NOTE: some of these details are obtained from third party information...
CVE-2007-4026
CVE-2007-4026 affects the Epesi framework prior to 0.8.6. The issue: improper verification of file extensions during the gallery images upload feature, enabling remote attackers to upload and execute arbitrary PHP code via unspecified vectors. Documents do not provide explicit exploit steps or af...
CVE-2007-4026
epesi framework before 0.8.6 does not properly verify file extensions, which allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving the gallery images upload feature. NOTE: some of these details are obtained from third party information...